security-threat-model

SKILL.md

Security Threat Modeling systematically identifies vulnerabilities, threats, and mitigations for systems handling sensitive data. It transforms ad-hoc security thinking into structured analysis using STRIDE methodology, trust boundary mapping, and defense-in-depth principles.

Document components, external services, users, data stores, and communication paths. See Common Patterns for architecture examples. For straightforward systems → Use resources/template.md.

Mark where data crosses security domains (user → server, server → database, internal → third-party). See Trust Boundary Mapping for boundary types.

在设计或审查处理敏感数据（PII、PHI、财务、身份验证凭据）的系统、构建具有安全影响的功能（身份验证、支付、文件上传、API）、准备安全审计或合规性（PCI、HIPAA、SOC 2）、调查安全事件、集成第三方服务时，或者当用户提及“威胁模型”、“安全架构”、“STRIDE”、“信任边界”、“攻击面”或“安全审查”时使用。 来源：lyndonkl/claude。

查看原文